Detailed Description

Claims 

Fulltext Word Count: 4 623 
English Abstract 

The present invention is directed to a method and apparatus for securely
re-synchronizing a stream cipher while a mobile station is travelling
from the range of a first base station to a second base station. In one
aspect of the invention, a secret key and a unique non-secret key are
used to reinitialize the stream cipher used by the mobile station. (The
unique non-secret key can also be referred to as quasi-secret key.) A
quasi-secret key is transmitted from a first base station to a second base
station, and the second base station uses the quasi-secret key to
initialize a stream cipher generator. Hence, both the mobile station and
the second base station will start generating the stream cipher from the
same initial state. In another aspect of the invention, a secret key and
a quasi-secret key are used to create a new key. During a soft handoff
process, a quasi-secret key is transmitted from a first base station to a
second base station. The second base station uses the quasi-secret key
and a secret key to generate a new key. The mobile station and the second
base station use the new key to generate a new stream cipher for
encrypting the data stream flowing between the mobile station and the
second base station.

French Abstract 

The invention relates to a method and apparatus for resynchronizing a
stream cipher during a soft handoff. The transmitted quasi-secret keying
information is used together with a secret key to reinitialize a stream
cipher generator located in a base station and a stream cipher generator
located in a mobile station. Because the quasi-secret keying information
is determined solely according to each base station of the wireless
telephone system, it is also possible to use a base station's
quasi-secret keying information and a shared encryption key to create a
new key. Consequently, when the mobile station moves from one base
station to another base station, a new unique key is generated for each
base station.

Legal Status (Type, Date, Text) 

Publication 20010517 A2 Without international search report and to be republished upon receipt of that report.

Examination 20010927 Request for preliminary examination prior to end of 19th month from priority date

Search Rpt 20011122 Late publication of international search report

Republication 20011122 A3 With international search report.

Fulltext Availability: 
Detailed Description 

Detailed Description 

transmission end 5 combined with a subtraction operation on the 
receiving end 6. 

For the encryption and decryption process of FIG. 1 to work, there must
be synchronization between the transmission end 5 and the receiving end
6. Each bit of the encrypted data stream must be XORed with the correct,
corresponding bit of the stream cipher. Otherwise, the output will not
correspond to the original data.

In some circumstances, restarting or regenerating the stream cipher at
the receiving end 6 requires an avoidable use of system resources. One
method of generating stream ciphers efficiently is disclosed in U.S.
Patent Application No. 08/934,582, filed September 22, 1997, entitled
"METHOD AND APPARATUS FOR GENERATING ENCRYPTION STREAM CIPHERS,"
assigned to the assignee of the present invention, and incorporated by
reference herein.

In one embodiment of the invention, a stream cipher can be generated 
with a linear feedback shift register. A linear feedback shift register 
holds . . . 

...current state that consists of k elements from some finite field. If the
starting states (derived directly from the shared secret key) are
known and the number of times by which the linear feedback shift
registers have been cycled is also known, then the registers can be
updated to the state to which the encrypted data stream currently
corresponds.

When a register is cycled, a new element of the register... 

...k is a constant indicating the order of the recurrence relation, and n 
is an index in time. The state variables S and coefficients Ci are 
elements of the underlying finite... 
English Abstract

A method and apparatus for encrypting and decrypting data is disclosed 
which employs two or more cryptographic algorithms to achieve high 
throughput without compromizing security. The invention is especially 
useful for software implementation to protect large amounts of multimedia 
data over high-speed communication channels. 

French Abstract 

The invention relates to a method and apparatus for encrypting and
decrypting data. The method uses at least two cryptographic algorithms
to achieve high throughput without compromising security. The invention
is particularly useful for software implementation to protect large
amounts of multimedia data passing over high-speed communication
channels.

Legal Status (Type, Date, Text) 

Publication 20000928 A1 With international search report.

Publication 20000928 A1 Before the expiration of the time limit for amending the claims and to be republished in the event of the receipt of amendments.

Examination 20001123 Request for preliminary examination prior to end of 19th month from priority date

Detailed Description 

METHOD AND APPARATUS FOR ENCRYPTING AND DECRYPTING DATA

FIELD OF THE INVENTION

The present invention relates to cryptography and in particular to a 
method and apparatus for encrypting and decrypting digital data for the 
purpose of protecting or securing its contents. 

BACKGROUND OF THE INVENTION 

There exists a need to transfer data confidentially over an open channel 
or to store such data securely in an unsecure location. Whilst such 
transfer or storage may be achieved by physical means, it is more 
effective and/or flexible to use cryptographic means. 

In the prior art, to send private communications between two parties, the
parties need to share a cryptographic key and use a symmetric-key cipher
to encrypt and decrypt data. Various ciphers including block ciphers and
stream ciphers have been proposed in the past. A stream cipher handles
messages of arbitrary size by ciphering individual elements, such as bits
or bytes of data. This avoids the need to accumulate data into a block
before ciphering as is necessary in a block cipher. A conventional block
cipher requires an accumulation of a certain amount of data or multiple
data elements for ciphering to complete. Examples of block ciphers
include DES (see ANSI X3.92, "American National Standard for Data
Encryption Algorithm (DEA)," American National Standards Institute,
1981), IDEA (see X. Lai, J. Massey, and S. Murphy, "Markov ciphers and
differential cryptanalysis," Advances in Cryptology - EUROCRYPT '91
Proceedings, Springer-Verlag, 1991, pp. 17-38), SAFER (see J. Massey.
SAFER K-64: One year later. In B. Preneel, editor, Fast Software
Encryption - Proceedings of Second International Workshop, LNCS 1008,
pages 212-241, Springer-Verlag, 1995), and RC5 (see R. Rivest, "The RC5
encryption algorithm," Dr. Dobb's Journal, Vol. 20, No. 1, January 1995,
pp. 146-148). A typical data encryption speed for these ciphers is
several million bits per second (Mb/s) on a Pentium 266 MHz processor.

Due to the pervasiveness of high-speed networking and multimedia 
communications, the demand for high-speed ciphers is ever increasing. For 
example, data rates over Asynchronous Data Transfer networks range from 
several tens of Mb/s to 1 Gb/s. Software implementations of existing 
block ciphers cannot reach these kinds of data rates. 

In general, stream ciphers are much faster than block ciphers.
However, stream ciphers are usually not sufficiently analyzed and are 
perceived to be weaker in security than block ciphers. Many stream 
ciphers that we believed to be very secure were subsequently broken. The 
design of secure and efficient high-speed ciphers remains a highly 
challenging problem. 



Many powerful cryptanalytical methods have been developed during the past
decade or so. It may be observed that the success of many of these
methods in attacking a cipher depends on the availability of a large
quantity of ciphertexts/plaintexts under a particular encryption key.
Normally, the likelihood of successfully attacking a cipher, i.e.,
discovering the key, diminishes as the amount of available
ciphertexts/plaintexts decreases. The present invention is motivated by
the above observation, and provides an improved method and apparatus for
data encryption and decryption.

SUMMARY OF THE INVENTION

The method of the present invention may employ a combination of at least
two cryptographic algorithms to achieve relatively high throughput without
compromizing security. A first algorithm may be a cryptographic pseudo
random sequence (or number) generator with strong security, and a second
algorithm may be a cipher capable of high-speed operation, but may be
weak in security when used alone. The first algorithm may be used to
systematically and periodically generate "segment keys" and the second
algorithm may be used to encrypt a data segment or plaintext segment using
a segment key. Each data segment may be encrypted using a different
segment key. By limiting the sizes of the data segments, an attacker may
not have sufficient plaintexts or ciphertexts under a given segment key to
carry out meaningful cryptanalysis against the second algorithm. In doing
so, the present invention may achieve high throughput in data encryption
and decryption without compromizing overall security of the system.



According to one aspect of the present invention there is provided a
method of encrypting data suitable for sending to a decrypting party,
said method including the steps of:

(a) dividing said data into data segments;

(b) accepting at least a cryptographic key k shared with the decrypting
party;

(c) for the i-th data segment (i = 1, 2, ...) to be encrypted, generating
the i-th segment key $s_i$ using a first function with said cryptographic
key k and some accessory data strings as inputs;

(d) encrypting the i-th data segment using a second function with $s_i$ as
the encryption key to form the i-th ciphertext segment; and

(e) outputting the i-th ciphertext segment, and at least a part of said
accessory data strings for sending data to the decrypting party, and
if more data segments are to be encrypted, repeating steps (c), (d)
and (e).

The accessory data strings may include a single string $v_i$ derived from
the previous value $v_{i-1}$ in a predetermined fashion. The string $v_i$
may be derived according to the relation $v_i = F(v_{i-1})$,
$i = 1, 2, \ldots$, wherein $F$ maps $v_{i-1}$ to $v_i$ and $v_0$ is an
initialization value made known to the decrypting party.

According to a further aspect of the present invention there is provided
a method of decrypting data encrypted by an encrypting party, said method
including the steps of:

(a) accepting at least a cryptographic key k being shared with the
encrypting party;

(b) for the i-th ciphertext segment (i = 1, 2, ...) to be decrypted,
generating the i-th segment key $s_i$ using a first function with said
cryptographic key k and some accessory data strings as inputs;

(c) decrypting the i-th ciphertext segment using a second function with
$s_i$ as the decryption key;

(d) outputting the decrypted i-th ciphertext segment, and if more
ciphertext segments are to be decrypted, repeating steps (b), (c)
and (d).

According to a still further aspect of the present invention there
is provided apparatus for encrypting data suitable for sending to a
decrypting party, said apparatus including:

(a) means for dividing said data into data segments;

(b) means for accepting at least a cryptographic key k shared with the
decrypting party;

(c) means for generating for the i-th data segment (i = 1, 2, ...) to be
encrypted, the i-th segment key $s_i$ using a first function with said
cryptographic key k and some accessory data strings as inputs;

(d) means for encrypting the i-th data segment using a second function
with $s_i$ as the encryption key to form the i-th ciphertext segment; and

(e) means for outputting the i-th ciphertext segment, and at least a part
of said accessory data strings for sending data to the decrypting
party.

According to a still further aspect of the present invention there is
provided apparatus for decrypting data encrypted by an encrypting party,
said apparatus including:

(a) means for accepting at least a cryptographic key k being shared
with the encrypting party;

(b) means for generating, for the i-th ciphertext segment (i = 1, 2, ...)
to be decrypted, the i-th segment key $s_i$ using a first function
with said cryptographic key k and some accessory data strings as inputs;

(c) means for decrypting the i-th ciphertext segment using a second
function with $s_i$ as the decryption key; and

(d) means for outputting the decrypted i-th ciphertext segment.
Title: A New Steganographic Method for Palette-Based Images

Abstract: In this paper, we present a new steganographic technique for
embedding messages in palette-based images, such as GIF files. The new
technique embeds one message bit into one pixel (its pointer to the
palette). The pixels for message embedding are chosen randomly using a
pseudo-random number generator seeded with a secret key. For each pixel
at which one message bit is to be embedded, the palette is searched for
closest colors. The closest color with the same parity as the message bit
is then used instead of the original color. This has the advantage that
both the overall change due to message embedding and the maximal change in
colors of pixels is smaller than in methods that perturb the least
significant bit of indices to a luminance-sorted palette, such as EZ
Stego. Indeed, numerical experiments indicate that the new technique
introduces approximately four times less distortion to the carrier image
than EZ Stego. The maximal color change is 4-5 times smaller for the new
technique than that of EZ Stego. A technique that introduces less
distortion to the carrier image will generally cause changes that are more
difficult to detect, and will therefore provide more security. 6 Refs.

Descriptors: Image quality; Security of data; Quantum cryptography;
Imaging systems; Cosine transforms; Fourier transforms

Identifiers: Steganographic methods; Digital images 

Classification Codes:

723.2 (Data Processing); 921.3 (Mathematical Transformations)

741 (Light, Optics & Optical Devices); 723 (Computer Software, Data Handling & Applications); 921 (Applied Mathematics)

74 (LIGHT & OPTICAL TECHNOLOGY); 72 (COMPUTERS & DATA PROCESSING); 92 (ENGINEERING MATHEMATICS)
ATV, the Abstract Timing Verifier, is a program to perform static
timing analysis of dependency graphs derived from logic designs, analyzing
worst-case paths. Unlike other timing verifiers, ATV uses an abstract
representation of time and delays that enables a user to choose the
representation of time and delays used in the analysis. Such
representations include single numbers, ranges (min-max), and statistical
descriptions (mean and standard deviation), or asymmetric rise/fall
versions of all of these. The sophisticated user may develop new models and
plug them in to the program.

ATV uses a new algorithm to analyze critical paths that extend through 
transparent latches and stretch over multiple machine cycles. By placing 
events in different reference frames that are rigidly translated relative 
to one another, the program can be used either to check a design for timing 
errors when the clock schedule is fixed and known, or to derive spacing 
constraints between clock edges when only the relative ordering of the 
clock edges is known. 

By defining coercions between delay formats, the same raw data can be 
analyzed using several different timing models to determine the sensitivity 
of reported results to the assumptions made by the different models. In one 
analysis of a chip implementing the Data Encryption Standard, six 
different timing models reported as many as 14 and as few as 4 critical 
paths generating the same key event. In general, asymmetric rise/fall 
models generated more critical paths because of interactions between 
reconvergent paths of opposite polarity. As expected, min-max models tended 
to be the most conservative in estimating required cycle times,
single-number models using nominal values were the most optimistic, and 
probabilistic models were in between. 

ATV is designed to operate on generic dependency information that 
could be available early in the design cycle, providing early feedback 
about the timing implications of microarchitectural decisions. The 
framework it provides allows new timing models to be developed and compared 
with existing models on an equal basis. The development of the abstract 
timing model has led to new understandings of the similarities and 
differences between the many different timing models in use today. 
In this paper the author presents key exchange protocols, public-key
cryptosystems, and signature schemes in quadratic function fields of odd
characteristic. The cryptographic protocols differ depending upon whether
the quadratic function field is real or imaginary, where we recall that a
quadratic function field $K$ is defined as $K=k(t,y)$ where $t$ is
transcendental over $k$ and $y\sp {2}=D$ with $D=D(t)$ a (squarefree)
polynomial in $t$ having coefficients in $k$. $K$ is real provided
$\deg(D)=2g+2$ is even ($g$ the genus of the elliptic or hyperelliptic
curve $C$ used to define $K$) and the leading coefficient of $D$ is a
square in $k$, and is imaginary otherwise (the case where $K$ is imaginary
with $\deg(D)$ even and the leading coefficient nonsquare is real quadratic
over a quadratic extension of $k$, so when $K$ is imaginary we may take
$\deg(D)$ to be odd, specifically having degree $2g+1$). The security of
the protocols relies on analogous versions of the well-known discrete
logarithm problem for finite fields.

Before discussing either case, some definitions are in order. Let $k[t]$
denote the ring of polynomials in $t$ over $k$ with $\scr{O}$ representing
the integral closure of $k[t]$ in $K$. $\scr{O}$ is a $k[t]$-module of rank
$2$ with basis $\{1,\sqrt{D}\}$. An integral ideal $\scr{A} \subset
\scr{O}$ is an ideal with the property that for any $\alpha$, $\beta \in
\scr{A}$ and $\theta \in \scr{O}$, $\alpha + \beta \in \scr{A}$ and
$\theta\alpha \in \scr{A}$. A fractional ideal $\scr{A}$ is a subset of $K$
such that $d\scr{A}$ is an integral ideal for some nonzero $d \in k[t]$. If
the $\scr{O}$-rank of $\scr{A}$ is $1$, that is there exists $\alpha \in K$
with $\scr{A}=\{\theta\alpha\colon\ \theta\in\scr{O}\}$, then $\scr{A}$ is
a principal ideal with generator $\alpha$, and we write $\scr{A}=(\alpha)$.
Throughout the paper, all ideals are assumed to be nonzero, so that every
integral ideal $\scr{A}$ is a $k[t]$-module of rank $2$ with $k[t]$-basis
$\{SQ,SP+S\sqrt{D}\}$ where $S,Q,P \in k[t]$ with $SQ \neq 0$ and $Q$
dividing $D-P\sp {2}$. (There is a misprint in the paper, namely on page
241, where it is said that $Q$ divides $D\sp {2}-P$; this misprint is not
repeated, and the correct difference, namely $D-P\sp {2}$, is used
throughout.) Writing $\scr{A}=(SQ,SP)$, we may assume that $S$ and $Q$ are
monic with $\deg(P)<\deg(Q)$, so that $S$, $Q$, and $P$ are unique. If
$\scr{A}$ is primitive, that is $S=1$, with $Q$ monic and
$\deg(P)<\deg(Q)$, then $(Q,P)$ is the standard representation of
$\scr{A}$, and $\scr{A}$ is said to be in standard form. A primitive ideal
$\scr{A}$ is reduced if $\deg(Q) \leq g$. Due to its suitably small
representation (in terms of $g$), the notion of a reduced ideal is central
to efficient computation in $K$, as the author's algorithms demonstrate.

In the imaginary case, the author's cryptographic schemes are based on
arithmetic in the ideal class group $\scr{C}$ of $K$, where by the ideal
class group we mean the factor group $\scr{I}/\scr{P}$, $\scr{I}$ denoting
the infinite abelian group, under multiplication of ideals (the product of
$\scr{A}, \scr{B} \in \scr{I}$, denoted $\scr{AB}$, consists of all finite
sums of products of the form $\alpha\beta$ for $\alpha \in \scr{A}$ and
$\beta \in \scr{B}$), of nonzero fractional ideals of $K$, and $\scr{P}$
the subgroup of nonzero fractional principal ideals of $K$. The index of
$\scr{C}$, the ideal class number of $K$, is finite and denoted by $h\sp
{\prime}$. Two fractional ideals $\scr{A}$ and $\scr{B}$ are equivalent if
there exists $\theta \in K\sp {\ast}$ with $\scr{A}=(\theta)\scr{B}$, that
is $\scr{A}$ and $\scr{B}$ lie in the same coset of $\scr{C}$. Denote this
relationship by $\scr{A} \sim \scr{B}$. Every equivalence class of ideals
contains at least one and at most finitely many reduced ideals. If $K$ is
imaginary, then each class has a unique reduced representative, and this
fact can be used to build the algorithms underlying the cryptographic
schemes. Specifically, letting each class be represented by its reduced
representative, one can compute the reduced representative of the product
ideal efficiently, even if the product of the reduced ideals is not itself
reduced (as it generally will not be). The discrete logarithm problem for
the imaginary case, then, is the problem as expressed in $\scr{C}$, namely
given reduced ideals $\scr{F}\sb {1}$, $\scr{F}\sb {2}$ with $\scr{F}\sb
{1} \sim \scr{F}\sb {2}\sp {x}$ for some integer $x$, find $x$ mod $h\sp
{\prime}$.

The author gives an efficient algorithm to compute a standard
representation of a product ideal, where the component ideals are reduced
and in standard form; given the product ideal, she also shows how to
efficiently determine the reduced representative of the product ideal's
class. In particular, the algorithms she provides allow one to calculate
the product ideal in $O(g\sp {2})$ field operations (this algorithm can
also be applied to the real case); an ideal composition algorithm which
outputs the reduced ideal equivalent to the product ideal in standard form,
also in $O(g\sp {2})$ field operations; and an exponentiation algorithm
based on the square-and-multiply technique, which calculates $\scr{A}\sp
{n}$ in $O(\max\{1,g\sp {2}\log n\})$ field operations. These algorithms
are then used to construct a key exchange scheme of Diffie-Hellman type
as well as encryption and signature schemes of ElGamal type. For the
signature scheme, the author demonstrates the necessity of using a
collision-free hash function in order to prevent an attack in which the
cryptanalyst forges the signer's signature by selecting a random positive
integer $s$ and using said integer to generate a reduced ideal $(Q\sb
{r},P\sb {r})$ equivalent to a valid signature $(Q\sb {r},P\sb {r},s)$.
Specifically, by using a hash, the signer must generate a reduced ideal
$(Q\sb {r},P\sb {r})$ before computing $s$, and not vice versa.

The approach for the imaginary case does not carry over to the case of a
real quadratic function field, as each ideal class has many reduced
representatives. By restricting one's attention to the finite set $\scr{R}
\subset \scr{P}$ of reduced principal ideals, however, one can still
construct efficient cryptographic schemes. Specifically, one defines the
distance of a reduced principal ideal $\scr{A}$ to be the degree of a
generator of minimal nonnegative degree. This quantity is denoted by
$\delta (\scr{A})$. Further, for nonnegative integer $n$ we say the reduced
principal ideal $\scr{A}$ is below $n$ if $n-\delta (\scr{A}) \geq 0$ and
minimal. The discrete logarithm problem for this case is as follows: Given
reduced principal ideals $\scr{F}\sb {1}$ and $\scr{F}\sb {2}$ so that
$\scr{F}\sb {1}$ is the reduced principal ideal below $x\scr{F}\sb {2}$,
find $x$ mod $R$ where $R$ is the maximal distance, or regulator, of $K$.
The author shows this problem to be polynomially equivalent to the problem
of finding the distance of a reduced principal ideal. As with the imaginary
case, she presents efficient algorithms for computing the standard
representation of a product ideal as well as determining a reduced
representative of its class, with running times comparable to those for
the imaginary case. Additionally, she shows how to find the reduced
principal ideal below $n$ for any nonnegative integer $n$. The
exponentiation algorithm for the real case, based upon algorithms that find
reduced ideals and compose two ideals according to the manner described
above, is used in the construction of key exchange and encryption
protocols, while the exponentiation and ``below'' algorithms are used to
form an efficient signature scheme. As with the imaginary case, the key
exchange protocol is of Diffie-Hellman type while the public-key
cryptosystem and signature scheme are each of ElGamal type.

The author concludes with a discussion of the security of the
cryptographic protocols for both cases. So long as the class group
(imaginary case) or the set of reduced principal ideals (real case) is
sufficiently large, namely on the order of $q\sp {g}$ for odd prime power
$q$ and genus $g$, the underlying discrete logarithm problems for said
protocols can only be solved in exponential time, provided the genus is not
too large. This contrasts nicely with the corresponding problem in number
fields, where a subexponential algorithm for solving the discrete logarithm
problem is available (assuming the extended Riemann hypothesis holds).
When I first saw Yan's new book, I was hopeful that this text might serve
as a nice alternative for teaching undergraduate number theory and
cryptography, a course I have taught several times. In the preface, he
says that the text is self-contained, and requires no previous background
beyond high-school mathematics.



This text is divided into three parts of about 120 — 130 pages each: 
Elementary number theory, Algorithmic number theory, and Applied number 
theory.

Part 1, an overview of elementary number theory, has sections on
divisibility (including Euclid's algorithm), Diophantine equations,
arithmetic functions, the distribution of primes, congruences (Jacobi
symbols, the Chinese remainder theorem), and elliptic curves.

Part 2, on computational and algorithmic number theory, begins with an 
introduction to computability theory and computational complexity, followed 
by sections on primality testing, factorization, and discrete logarithms. 
Next is a section on number-theoretic algorithms for the quantum computer, 
which I found to be a pleasant surprise. I don't recall seeing any other 
texts on algorithmic number theory that included this material. Part 2 
finishes with sections on algorithms for computing $\pi(x)$, for finding
amicable pairs, for verifying Goldbach's conjecture, and for finding odd
perfect numbers.

Part 3, on applications of number theory, focuses on two application
areas: computer system design (computer arithmetic, hash functions, error
detection and correction, and random number generation), and
cryptography (DES, public-key cryptosystems, digital signatures, and
short sections on steganography and quantum cryptography).

The book opens with 6 pages of definitions and notation used throughout 
the text. There is an index and a rather thorough, 11-page bibliography. 

One very attractive feature is the wealth of historical and biographical 
information. I did not actually calculate this, but nearly every other page 
contains a short biography and picture of a famous historical or current 
personality in the footnotes. For example, on pages 8 and 9 are short 
biographies of Vinogradov, Chen, and Ramanujan, together with pictures. 

I quickly discovered that this text was not appropriate for 
undergraduates (or, at least not most of the ones I teach). Although there
are a few exercises, there are not many; certainly not enough for an 
undergraduate course. Also, most of the proofs of the theorems used are 
missing, although plenty of references are included if you want to find the 
proofs, and finally, the material is too dense for undergraduates. 

However, it seems to me this book would be ideal for a graduate student 
in algorithmic number theory: it provides a nice resource and overview of 
the field, and the means to find out more. I certainly would have 
appreciated this text when I was a graduate student, and it is a worthy 
addition to your library. 

Overall, I recommend this book, but I have one minor complaint. Song Yan 
defines algorithmic number theory and computational number theory to be the 
same thing (p. 139). In my opinion, which I believe is shared by others,
algorithmic number theory is about studying algorithms, whereas 
computational number theory is about solving problems in number theory 
using the computer. One is a part of computer science, the other a part of 
mathematics. I admit, however, that the line between them is thin in some 
places and blurry in others. 

Reviewer: Sorenson, Jonathan P. Wagstaff, Samuel S., Jr. (1-BUTL-CS) 
Review Type: Signed review 

Descriptors: *11Yxx -Number theory-Computational number theory (See also
11-04); *11Y11 -Number theory-Computational number theory (See also 11-04)-
Primality; 68P25 -Computer science (For papers involving machine
computations and programs in a specific mathematical area, see Section --04
in that area)-Theory of data-Data encryption (See also 94A60, 81P68);
68Q05 -Computer science (For papers involving machine computations and
programs in a specific mathematical area, see Section --04 in that area)-
Theory of computing-Models of computation (Turing machines, etc.) (See also
03D10, 81P68); 68W40 -Computer science (For papers involving machine
computations and programs in a specific mathematical area, see Section --04
in that area)-Algorithms (For numerical algorithms, see 65-XX; for
combinatorics and graph theory, see 68Rxx)-Analysis of algorithms (See also
68Q25); 94A60 -Information and communication, circuits-Communication,
information-Cryptography (See also 11T71, 14G50, 68P25); 11A51 -Number
theory-Elementary number theory (For analogues in number fields, see 11R04)
-Factorization; primality; 11Y55 -Number theory-Computational number
theory (See also 11-04)-Calculation of integer sequences



13/5/7 (Item 4 from file: 239) 

DIALOG (R) File 239:Mathsci 

(c) 2004 American Mathematical Society. All rts. reserv. 
02447216 MR 94f#94007 

The stability theory of stream ciphers.
Ding, C. 
Xiao, G. 
Shan, W. 

(Ding, Cun Sheng; Xiao, Guo Zhen) 

Publ: Springer-Verlag, Berlin, 

1991, x+187 pp. ISBN: 3-540-54973-0

Series: Lecture Notes in Computer Science, 561. 

Price: $31.00. 

Language: English 

Document Type: Book 

Journal Announcement: 9314 

Subfile: MR (Mathematical Reviews) AMS 
Abstract Length: LONG (76 lines) 

From the introduction: "This research report is devoted to a new branch
of stream ciphers: the stability theory of stream ciphers. It is mainly
based on our research results, which have been obtained since 1987, mainly
by Ding. In order to be self-contained, the monograph also presents some
known facts which will be useful in our analyses.

"Chapter 2 gives an introduction to stream ciphers. Chapter 3 first
introduces the two kinds of Walsh transforms and their properties. Then it
discusses the best affine approximation of Boolean functions, which will be
used as a basic tool for dealing with some problems of some of the
following chapters. Finally, it presents the BAA attacks on two classes of
stream ciphers.

"Chapter 4 mainly introduces several measure indexes on the security
of stream ciphers. Based on the results of Chapter 3, Section 4.1
discusses whether correlation-immune functions are good filtering or
combining functions for stream ciphers. Section 4.2 first shows some
cryptographic merits and demerits of bent functions for some binary
additive stream ciphers, then presents an autocorrelation
characterization of bent functions. Section 4.3 introduces new measure
indexes on the stability of linear complexity of sequences, i.e., weight
complexity or sphere surface complexity and sphere complexity, and also
presents basic properties of the two measure indexes. Section 4.4
analyzes the security of several kinds of key-stream generators from
the viewpoint of the best affine approximation attacks. Section 4.5
provides some results on the stability of elementary symmetric functions,
since they are basic components of the GF(2)-interpretation of integer
addition, which have been concluded to be useful in both public-key
cryptosystems and stream ciphers.

"Chapter 5 aims at investigating the stability of linear complexity of
sequences. Section 5.1 provides basic results about the linear complexity
of sequences. Section 5.2 is devoted to bounds on the weight complexities
of binary sequences with period $2^n$. Due to the importance of
ML-sequences in stream ciphers, lower bounds on them are developed in
Section 5.3. Based on the results of Section 5.3, Section 5.4 cultivates
lower bounds on the linear complexities of nonlinear-filtered ML-sequences.
Since clock-controlled ML-sequences have their merits as key streams,
Section 5.5 develops bounds on the linear complexities of these
sequences. Based on the merits of both clock controlled and
nonlinear-filtered binary ML-sequences, a new kind of key-stream
generator is presented, and a lower bound on the linear complexity of the
clock-controlled ML-sequences is derived. Because the linear-complexity
stability of sequences is of great importance, Section 5.7 provides another
approach to it by introducing another two measure indexes, i.e., the
fixed-complexity distance (FCD) and variable-complexity distance (VCD).
Furthermore, the relationship between weight complexity and FCD as well as
sphere complexity and VCD is established by using Blahut's theorem. Bounds
on the FCD of binary sequences with period $2^n$ are also developed in
this section.



"Chapter 6 discusses the period stability of sequences, since the
linear complexity stability of sequences has strong connections with their
period stability. Section 6.1 provides general results about the order of
polynomials and that of the period of sequences. Section 6.2 first gives,
from the viewpoint of stream ciphers, two measure indexes on the
period stability of sequences, i.e., weight period and sphere period.
Then it develops the relationship between weight period and weight
complexity as well as sphere period and sphere complexity. Section 6.3
discusses some links between weight period and the autocorrelation
functions of periodic sequences. Sections 6.4 and 6.5 are devoted to the
development of some bounds on the weight period of some kinds of
sequences. Chapter 7 first summarizes the monograph and presents nine open
problems of the stability of stream ciphers, then introduces the concept
and proposes some problems of the stability of source coding for the
sources of binary additive stream ciphers.

"We would like to make it clear that by the stability of stream
ciphers, we take its narrow senses to mean the linear-complexity stability
and period stability as well as the stability of their combining or
filtering functions and their source codes. There may be some other
indexes on the security or strength of stream ciphers, whose stabilities
need to be investigated."
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Let $(F_q)_n$ denote the algebra of $n \times n$ matrices over
$F_q$, the finite field of $q$ elements, and for each $A \in (F_q)_n$,
let Ind(A) denote the Drazin index of A: i.e., Ind(A) is the least
nonnegative integer k such that the system of matrix equations (i)
$A^{k+1}X = A^k$, (ii) $XAX = X$ and (iii) $AX = XA$ has a (necessarily unique)
solution. The matrix X is called the Drazin inverse of A [M. P. Drazin,
Amer. Math. Monthly 65 (1958), 506-514; MR 20#5217]. Recently R. E.
Hartwig ["Drazin inverses in cryptography", to appear] and J. Levine and
Hartwig [Cryptologia 4 (1980), 71-85; MR 81d:94028] have applied the
concept of the Drazin inverse for matrices over finite fields and residue
class rings of integers to the Hill cryptographic system. Because of
this application, Hartwig had asked in a private communication to the
author for the number of matrices in $(F_q)_n$ that have group
inverses, i.e., that are members of some multiplicative group (within the
multiplicative semigroup $(F_q)_n$). It can be shown [see S. L.
Campbell and C. B. Meyer Jr., Generalized inverses of linear
transformations, Pitman, London, 1979; MR 80d:15003] that the set of
matrices in $(F_q)_n$ with group inverses is the set of matrices
$A \in (F_q)_n$ with Ind(A) $\le 1$. In the present paper the author
determines, for each $0 \le k \le n$, the number of $A \in (F_q)_n$ with
Ind(A) = k. The sum of these numbers for k = 0 and 1 gives the number sought
by Hartwig. The key to the determination is the fact that Ind(A) = k, for
$k \ge 1$, is equal to the index of nilpotency of a certain $t \times t$
nilpotent matrix N, $1 \le t \le n$, where A is similar to a matrix diag(B,
N) with B invertible. The author extends his results to cover a more
general class of finite rings that includes the residue class rings of
integers.
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Abstract (Basic): US 4747139 A

The encrypted information processing system has key generator
hardware for processing an input key associated with the encrypted
information according to an algorithm to generate a unique output key.
The decryption key generator uses a single chip microprocessor
programmed as a finite state machine which, in each of several states,
responds to a predetermined input word to change to another state and
output a corresponding output key word. A number of repeatable output
key word sequences are generated only with predetermined input key
word sequences, each word of a repeatable output sequence being
dependent on both the present state of the microprocessor and on an
input word to the microprocessor which is acceptable at that state.

A decrypter receives the encrypted information and a
corresponding output key from the key generator hardware to decrypt
the received encrypted information based on the received output key.

USE/ADVANTAGE - For protecting software from unauthorised access
and copying. Number of possible inputs to key generator is very large.

Title Terms: ENCRYPTION; INFORMATION; PROCESS; SYSTEM; SOFTWARE; SECURE;
OUTPUT; KEY; DECRYPTER; GENERATOR; PRODUCE; MICROPROCESSOR; HARDWARE;
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Television scrambler with electronic variable key - has key validation 
signal transmitted to receivers along with key containing rank 
identifying data 

Patent Assignee: CNET ETAT FR PTT TE (ETFR ); TELEDIFFUSION DE FRANCE (TELG )
Inventor: CHRISTIAN J F G 

Number of Countries: 001 Number of Patents: 001 
Patent Family: 

Patent No Kind Date Applicat No Kind Date Week 

FR 2583946 A 19861226 FR 859679 A 19850624 198705 B 



Priority Applications (No Type Date): FR 859679 A 19850624 



Patent Details:

Patent No Kind Lan Pg Main IPC Filing Notes
FR 2583946 A 23



Abstract (Basic): FR 2583946 A

A variable electronic key scrambles the information at the
transmitter and unscrambles it at the receiver, the key being
transmitted in any known fashion. As well as the key, a signal for
validating the key is transmitted from the transmitter to the
receivers.

Pref., the different keys contain an item of information which 
identifies their ranks or levels, each validation signal also 
containing the same item of information allowing the identification of 
the key used. Each key is determined in the receiver from a 
transmitter- produced message and a subscriber key repeated at 
regular intervals. 

USE/ADVANTAGE - Teletext systems. Accounts for noise. 

0/9 

Title Terms: TELEVISION; SCRAMBLE ; ELECTRONIC; VARIABLE; KEY; KEY; VALID; 
SIGNAL; TRANSMIT; RECEIVE; KEY; CONTAIN; RANK; IDENTIFY; DATA 

Index Terms/Additional Words: TELETEXT 
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Key management method for encryption communication system, involves 
generating session key and disclosure key using common key and time 
information 

Patent Assignee: NIPPON TELEGRAPH & TELEPHONE CORP (NITE )
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Abstract (Basic): JP 2000075788 A

NOVELTY - Session and disclosure keys are generated using common
key and time information. The time information is encrypted by
session key and is considered as execution consent information. The
session key belongs to key storage group which is in lower order from
secret key of transmission side user apparatus, while the disclosure
key belongs to higher order group from that of the receiver side user
apparatus.

DETAILED DESCRIPTION - When the next session key is generated
and there is no group in lower order from the execution consent
information, the secret key of the transmission side user apparatus,
the common key which consists of disclosure key of receiving side user
apparatus and the time information are transmitted to the receiving
side user apparatus and the message is encrypted using the session
key. Appending information which includes time information is
generated and is transmitted to the receiving side user apparatus.
INDEPENDENT CLAIMS are also included for the following:

(a) key management method;

(b) key management apparatus;

(c) program for key management

USE - For encryption communication system.

ADVANTAGE - The number of system I required for decoding in each 
hierarchy can be set-up independently. Comparison of appending 
information is not needed at the receiving side. 

pp; 14 DwgNo 1/13 
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Encryption key generator of storage type broadcast reception apparatus 
for communication system - generates independent encryption keys for 
viewing and listening to real time and stored program data respectively 
which has been transmitted 

Patent Assignee: MATSUSHITA DENKI SANGYO KK (MATU ) 

Number of Countries: 001 Number of Patents: 001

Patent Family:
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Patent Details:
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JP 11298874 A 56 H04N-007/1G 

Abstract (Basic) : JP 11298874 A 

NOVELTY - An encryption key is generated by generator (206) for 
real time viewing and listening of program data simultaneously while 
program is being transmitted. The transmitted program is stored. 
Another storage encryption key is independently generated for 
viewing and listening of stored program data in future. 

USE - For communication system. 

ADVANTAGE - By using different encryption keys to encrypt the
program while storing and transmitting, the program is protected
effectively from unauthorized viewers. DESCRIPTION OF DRAWING (S) - The
figure shows the block diagram of the storage type broadcast reception
apparatus. (206) Generator.
Dwg. 1/31

Title Terms: ENCRYPTION; KEY; GENERATOR; STORAGE; TYPE; BROADCAST;

? : 0i\ ; APPARATUS; COMMUNICATE; SYSTEM; GENERATE; INDEPENDENT; 
ENCRYPTION ; KEY; VIEW; LISTENER; REAL; TIME ; STORAGE; PROGRAM; DATA; 

RESPECTIVE; TRANSMIT 



29/5/2 (Item 2 from file: 347) 

DIALOG(R) File 347: JAPIO

(c) 2004 JPO & JAPIO. All rts. reserv.



03720156 **Image available**

CIPHERING METHOD AND DEVICE THEREFOR, RECORDING METHOD, DECODING METHOD 
AND DEVICE THEREFOR AND RECORDING MEDIUM 

PUB. NO.: 10-003256 [JP 10003256 A] 

PUBLISHED: January 06, 1998 ( 19980106) 

INVENTOR(s): ISHIGURO RYUJI

APPLICANT(s): SONY CORP [000218] (A Japanese Company or Corporation), JP
(Japan)

APPL. NO.: 03-269502 [JP 96269502]

FILED: October 11, 1996 (19961011) 

INTL. CLASS: [6] G09C-001/00; G09C-001/00; G09C-001/00; G11B-020/10; 
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Magnetic & Photomagnetic Recording)

ABSTRACT

PROBLEM TO BE SOLVED: To easily control the ciphering key.

SOLUTION: A ciphering key K1 is generated from a master key K0 using a
unidirectional function, a next ciphering key K2 is generated from
the key K1 using the function and similarly n-hierarchical ciphering keys
K1 to Kn are generated. Then, information is ciphered by the key Kn and
the information is decoded by the ciphering key Kn. If the key Kn is
read, the information is ciphered by the key Kn-1 and the information is
decoded by the key Kn-1. Thus, the information, which is ciphered by the
key Kn, is decoded by the key Kn obtained from the key Kn-1 using the
function and the user is only required to maintain the latest key Kn-1.
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ABSTRACT 

PURPOSE: To reduce the volume of data to be transferred by constituting a
species data, a data key enciphered with a master key, and a master key
authorizing data enciphered with the data key as a telegram having a
communication frame format.

CONSTITUTION: A CPU11 at a line cipher device 42 generates species data
of two bytes SV1 and SV2 with a random number generation algorithm,
furthermore, the data is expanded to an initial value data of eight bytes
with a common algorithm at line cipher devices 42 and 46. Next, a data
key K is generated with the random number algorithm, and the data key
is enciphered with a CIP13 based on a master key KM and the initial value
data set manually in advance at an SW14 in the line cipher device 42
using the cipher feed back mode of a DES algorithm, and an EKMK (eight
bytes) can be obtained. Furthermore, an authorizing data CKCD is similarly
enciphered with the data key K, and an EK(CKCD) can be obtained. The
communication frame format is generated using the data generated with the
above processing.
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Secured information exchange method for business application, involves
determining subsequent encryption key using decrypted
information and private key
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Abstract (Basic): US 20020150237 A1

NOVELTY - The information set is encrypted using an encryption
key determined from the information set that is previously exchanged
between the terminals (100,110). The received encrypted information
set is decrypted using prestored private key. corresponding to an
information set is determined and stored. The next encryption
key is determined using the decrypted information and private key.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for the
following:

(1) Information exchange system; and

(2) Information exchange device.

USE - For securely exchanging information like business strategy,
credit card numbers, social security number, bank account balances,
medical record, etc., between terminals using communication network.

ADVANTAGE - By determining the subsequent encryption key
using the decrypted information and the private key, the information
are efficiently and securely exchanged between the terminals.

DESCRIPTION OF DRAWING (S) - The figure shows the schematic view of
the information exchange system.

Terminals (100,110) 
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Object securing method in cryptographic data securing system, involves
adding object which is encrypted using working split formed by
combining splits including random key components, with header

Patent Assignee: TECSEC INC (TECS-N)

Inventor: DOMANGUE E L; SCHEIDT E M

Number of Countries: 001 Number of Patents: 001

Patent Family:

Patent No Kind Date Applicat No Kind Date Week 
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US 6490680 B1 17 H04L-009/00 Provisional application US 9768785
Abstract (Basic): US 6490680 B1

NOVELTY - Several splits including random key components are
combined to form a working split, using which the object is encrypted.
Another splits without random key components are combined to
form a value, using which random key component is encrypted. A
header formed with information containing user algorithm, encrypted
key component and decrypt read credentials, is encrypted and added
to the encrypted object.

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is included for object
decryption method.

USE - For objects securing in cryptographic data security system
for communication system and communication network such as LAN and WAN.

ADVANTAGE - Enables flexible access for authorized users of the
communication system, while maintaining security for stored data and
data being transmitted.

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram of
key encryption process using digital signature.
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Asymmetric crypto-key generation system for crypto systems, has
processor which divides private crypto-key into two portions and deletes
private crypto-key and key portion associated with user's password
without storing them
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Abstract (Basic): US 20020076042 A1

NOVELTY - A processor generates private crypto-key and
corresponding public crypto-key. The private crypto-key is divided
into two portions, among which one portion is based on user's password.
The private crypto-key and user's password-based key portion are
deleted without storage, whereas the public crypto-key and other key
portion are stored in a memory persistently. Another processor
generates a key portion with an one-way function, when the same
user's password is received, and then deletes the generated portion
without storing.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are included for the
following:

(1) Transformed message communication system;

(2) Asymmetric crypto-key generation method; and

(3) Transformed message communication method.

USE - Asymmetric crypto-key generation system for crypto
systems.

ADVANTAGE - Asymmetric crypto-keys provide trusted authentication
of user to other users, as the private crypto-key and user
password-based key portion are deleted without storing. Enables users
to manage their information in a secure manner by deleting, changing or
modifying the information.

DESCRIPTION OF DRAWING (S) - The figure shows the flowchart
explaining the operation carried out by a user, distinguished server
and sponsor station in associating asymmetric key pair with the user.
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Abstract (Basic): WO 200221765 A1

NOVELTY - Public quantities transmitted by receiver (12b) for
storage in a public repository (67), are retrieved by a sender (12a).
Sender's quantities and session key (R) are computed using the public
quantities by the sender and transmitted to the receiver, for
computing another session key (K) and received quantities.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the
following:

(a) Cryptographic system;

(b) Cryptographic unit

USE - For establishing cryptographic key between sender and
receiver for exchanging encrypted cyphertext messages in
cryptographic system (claimed) using communication channels such as
telephone link, radio link, microwave link, fiber optic link and
coaxial cable link.

ADVANTAGE - Enables faster and secure exchange of cryptographic
key between sending and receiving cryptographic units.

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram of
the cryptographic system.

Sender (12a) 

Receiver (12b) 

Public repository (67) 

Session keys (K,R) 
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Authentication method for network connected terminal, involves generating
common key using confidential information corresponding to model number
of terminal
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Abstract (Basic): JP 2001344214 A

NOVELTY - A common key is generated using the confidential
information corresponding to the model number of a terminal, and is
used to encrypt the body number of the terminal. Another common
key is generated using the confidential information corresponding to
the body number, and is used for comparison.

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for
encryption communication system of terminal.

USE - For authenticating terminal connected to network.

ADVANTAGE - Enables maintaining high secrecy property by generating
the common key. Eliminates the possibility that terminals other than
that having specific model number are connected to the server.

DESCRIPTION OF DRAWING (S) - The figure explains the authentication 
method. (Drawing includes non-English language text). 
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Content information transmission method e.g. for digital audio-video
data, involves encrypting content information using key obtained based
on key information encrypted using another key

Patent Assignee: VICTOR CO OF JAPAN (VTCO )
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Abstract (Basic): JP 2001274784 A

NOVELTY - Content information is encrypted using a key obtained
based on key information. The key information contains encrypted
information obtained by encrypting key information using another
key. A transmission key with predetermined function is generated
and transmitted along with the encrypted content information.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the
following:

(a) Content information recording method;

(b) Content information transmission device;

(c) Content information recording device;

(d) Transmission medium;

(e) Recording medium

USE - E.g. for digital audio-video data.

ADVANTAGE - Enables to reproduce encrypted content information
exactly at the reproduction side and enables reproduction of content
information only in normal conditions.

DESCRIPTION OF DRAWING (S) - The figure shows the schematic
components of the content information transmission device. (Drawing
includes non-English language text).
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A session key is generated for each transmission session
within which multi-frame video content is to be transmitted to a video
sink device (104) through a digital video link (106). Using the session
key, a successive number of frame keys are generated for
ciphering corresponding frames of the multi-frame video content.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the
following:

(a) Digital video content transmission ciphering apparatus;

(b) Digital video content transmission deciphering method

USE - Digital video content transmission ciphering method.

ADVANTAGE - Video content is protected from unauthorized copying
during transmission, since the frames of the video content are
ciphered before transmission.

DESCRIPTION OF DRAWING (S) - The figure shows the overview of video
content transmission system.

Video sink device (104) 

Digital video link (106) 
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Abstract (Basic): WO 200101630 A1

NOVELTY - The method uses an authentication process to generate a
ciphering offset value (50). Each node (12,14) stores offset value and
uses it to generate subsequent ciphering keys employed to
encrypt data transmitted between the nodes, so a logical relationship
between the latest entity authentication process and subsequently
generated ciphering keys increasing the security and reduce
overheads.

DETAILED DESCRIPTION - Independent claims describe an arrangement
for generating ciphering keys in a communication node and a system.

USE - As a method and arrangements for secure linking of entity
authentication and ciphering key generation.

ADVANTAGE - Can enhance security in any communication system
including a mobile telecommunications system, for example, a global
system for mobile (GSM) communications system.

DESCRIPTION OF DRAWING (S) - The drawing shows a block diagram 
depicting an improved authentication process and arrangement associated 
with secure communications system, for example. 

the ciphering offset value (50) 

the nodes (12 and 14) 
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Encryption communication system, has key determining unit which 
determines encrypting key used by transmitting station and decoding key 
used by receiving station via transfer of discriminative data 
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Abstract (Basic): JP 2000358022 A

NOVELTY - The discriminative information uniquely specifying the
encryption key is stored and subsequently matched with an encryption
key into a memory unit. The encryption key used by a transmitting
station and the decoding key used by a receiving station is determined
by a key determining unit through the transfer of the stored
discriminative information.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the
following:

(a) an encryption key determining method;

(b) a recording medium into which the computer program in
determining the encryption key is recorded

USE - For computer network.

ADVANTAGE - Ensures that encryption key can be determined
quickly and efficiently. Prevents leakage of data to an unauthorized
encrypting apparatus.

DESCRIPTION OF DRAWING (S) - The figure shows the functional block
diagram of the system assembly of the encryption communication
system.
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Abstract (Basic): US 6079018 A

NOVELTY - Private key associated with person or entity signing
document are received. Digest of specified document is output by
predefined one-way hash function. A digital signature is generated for
specified document as predefined function of private key, document
digest and pseudo-random key (k). A distinct pseudo random key is
generated for each distinct specified document.

DETAILED DESCRIPTION - Pseudo random key generation includes the
following steps. The private key is hashed with the predefined
one-way hash function to generate an intermediate value. The document
digest is combined with a value corresponding to the intermediate value
and an ancillary secret value to generate another intermediate value
which is then hashed with the predefined one-way hash function to
generate pseudo-random key (k) by predefined computational technique.
For the given private key, distinct digital signature is generated for
each distinct specified document. INDEPENDENT CLAIMS are also included
for the following:

(a) digital signing program stored in recording medium;

(b) digital signing system for specified document

USE - For digitally signing specified documents in electronic
transactions such as financial transactions for providing security
features. Financial services technology consortium (FSTC) electronic
check (E-check) project utilize the digital signature standard for
signing computerized documents such as E-checks. DSS uses the public
digital signature algorithm (DSA) to compute various encryption key
components and supply a digital signature to each signed component.

ADVANTAGE - Eliminates the key exposure problem generated due to
multiple smart cards for the same user key using simple technique.
Highly unguessable pseudo-random key seed value is generated reliably.
Facilitates to perform special computations that entirely eliminate the
danger of signing different documents with the same pseudo-random key
value.

DESCRIPTION OF DRAWING (S) - The figure shows the data flow diagram
of computer system.
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Abstract (Basic): EP 1022922 A1

NOVELTY - The system includes an initial inscription process,
followed by an exchange of authentication data.

DETAILED DESCRIPTION - The process provides authentication of a
subscriber and establishment of a secure connection channel between a
subscriber and a service provider. It includes an initial inscription
process when the subscriber communicates with the service provider via
the operator. The process includes an exchange of authentication data
(DeviceID, R1; login, mdp) on line and off line. The encoded channel is
eventually established at the start of each session, after mutual
authentication, which also uses cryptographic functions. Finally an
encoding key (Kses) is established without transmission of a secret
element on the network(s).

USE - Connection of mobile telephone to network.

ADVANTAGE - Facilitates secure connection over GSM telephone
system.

DESCRIPTION OF DRAWING (S) - The figure shows the sequence of 
establishing the communication channel, 
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program 
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Abstract (Basic): US 6069957 A

NOVELTY - A certain key is transmitted initially to decrypt
program A. A specific key is transmitted following which produces the
initially sent key from cipher text and decrypts program B.

DETAILED DESCRIPTION - An INDEPENDENT CLAIM is also included for
program material decryption system.

USE - For digital cable television system, video conferencing
system.

ADVANTAGE - The present decryption method suits the unique 
capabilities of digital signal transmission. 

DESCRIPTION OF DRAWING (S) - The figure shows the explanation of 
encryption of program. 
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Abstract (Basic): WO 9963707 A1

NOVELTY - A secret encryption key is created corresponding to
identifier of application program. Another secret encryption key
is created corresponding to identifier of component. Based on the
created secret encryption keys, a password for controlling usage of
software component, is created.

DETAILED DESCRIPTION - INDEPENDENT CLAIMS are also included for the
following:

(a) article comprising machine readable storage medium;

(b) user computer system

USE - For controlling usage of software component.

ADVANTAGE - Ensures that a component functions only with the
application program, has license number, thus secures capability for
plug-in or snap-in of component.

DESCRIPTION OF DRAWING (S) - The figure shows the block diagram of 
operating environment, 
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Abstract (Basic): US 5970142 A 

NOVELTY - A key is pseudo randomly generated in a programmable 
logic device (PLD) (110) and is transmitted to a storage device. An 
encrypted configuration data generated from original configuration 
data in storage device (120) is transmitted to PLD. Encrypted 
configuration data is decrypted to produce original configuration 
data which originally configures PLD. 

DETAILED DESCRIPTION - Another key is pseudo randomly 
generated and transmitted from PLD to a storage device. Additional 
encrypted configuration data is generated using the key and is 
transmitted to PLD. The additional encrypted data is decrypted and 
additional original configured data is generated. The PLD is configured 
using additional original configuration data, produced after 
decryption. An INDEPENDENT CLAIM is also included for programming 
apparatus for programmable logic device. 

USE - For communicating encrypted configuration data between PLD 
and storage device. 

ADVANTAGE - Uses relatively small number of gates and provides 
adequate protection of the circuit design as implemented in PLD. 

DESCRIPTION OF DRAWING(S) - The figure shows PLD and storage device 
having security circuits. 

PLD (110) 

Storage device (120) 
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NOVELTY - A common key generation unit (107) generates a common 
key, based on the common key generation value stored in a common key 
value register (103) and the common key generation information stored 
in the common key generation information register (105). The common key 
generation value and information are then transmitted to the other 
party. 

DETAILED DESCRIPTION - Another common key is generated 
using the next common key generation value and the common key 
generation information stored in the next common key generation 
value register (104) and the common key generation information 
register, respectively. Then, the next common key generation 
value and information are transmitted. An INDEPENDENT CLAIM is also 
included for transmitting and receiving procedure. 

USE - In transmission and reception of an IC card system. 

ADVANTAGE - Since the common key generated which is used for 
encrypting data is not transmitted, the confidentiality of the 
transmitted and received data is enhanced. 

DESCRIPTION OF DRAWING(S) - The figure shows the block diagram of the 
IC connection card. (103) Common key value register; (104) Common key 
generation register; (105) Common key generation information register; 
(107) Common key generation unit. 



